
IN THE CLAIMS : 

Please cancel claims 1-20, and add new claims 21-44 as follows: 

1.-20. (Canceled) 

■ * • 

21 . (New) A method of providing computer resource access rights to a process, 
comprising: 

providing a memory storing meta-data, the meta-data defining resource access rights 

of the process; 
receiving a request from the process to authenticate a user; 

authenticatinig the user responsive to the request from the process; and 
responsive to a positive authentication of the user, altering the meta-data in the 

memory to provide the process with resource access rights defined for the 

process. 

22. (New) The method of claim 2 1 , 

wherein the meta-data stored in the memory initially has a null value; and 
wherein altering the meta-data in the memory comprises: 

' substituting the null value with an identification of the user. 

23. (New) The method of claim 21, wherein authenticating the user responsive to the 
request from the process comprises: 

providing the user with a first value; 

receiving a User identification and a second value from the process, the second value 

generated responsive to a password and the first value; 
generating the password from the first and second values; and 
authenticating the user responsive to the usemame and the password. 

i ■ 

24. (New) The method of claim 2 1 , wherein authenticating the user responsive to the 
request from the process comprises: 

2 

24089 /Case 9281 
Serial No. 10/635,752 
24089/09281/DOCS/1508868.2 



providing the user with a first value; 

receiving a user identification and a second value from the process; the second value 
generated responsive to the first value and a password provided by the user; 

identifying a password associated with the received user identification; 

generating a third value from the first value and the password associated with the 
received user identification; and 

positively authenticating the user if the generated third value matches the received 
second value. 



25. (New) The method of claim 24, wherein generating the third value from the first 
value and the password associated with the received user identification comprises: 

applying a hash function to the first value and the password associated with the 
received user identification. 



26. (New) The method of claim 21, 

wherein the memory stores a directory path; and 
fiirther comprising: 

responsive to the positive authentication of the user, providing the process 
with resource access rights to one or more resources located in a 
directory within the directory path, the directory being designated by 
the altered meta^data. 



27. (New) The miethodofclaini 21, further comprising: 

storing data in the memory indicating that the process has made a request to 
authenticate the user. 



28. (New) The method of claim 27, further comprising: 

» 

responsive to receiving a user identification from the user, verifying that the data in 
the memory indicates that the process has made a request to authenticate the 
user. 
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29. (New) A system for providing computer resource access rights to a process, 
comprising: 

a memory for storing meta-data, the meta-data defining resource access rights of the 
process; 

an interface module for receiving a request from the process to authenticate a user; 
a validation module for authenticating the user responsive to the request from the 
process; and 

a security module for altering, responsive to a positive authentication of the user, the 
meta-data in the memory to provide the process with resource access rights 
defined for the process. 

30. (New) The system of claim 29, 

* 

wherein the meta-data stored in the memory initially has a null value; and 
wherein the security module is adapted to substitute the null value with an 

identification of the user responsive to the. positive authentication of the user. 

31. (New) The system of claim 29, wherein the validation module is adapted to: 
provide the user with a first value; 

receive a user identification and a second value from the process, the second value 

generated responsive to a password and the first value; 
generate the password from the first and second values; and 
authenticate the user responsive to the usemame and the password. 

32. (New) The system of claim 29, wherein the validation module is adapted to: 

• * 

provide the user with a first value; 

receive a user identification and a second value from the process, the second value 
generated responsive to the first value and a password provided by the tiser; 
identify a password associated with the received user identification; 
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generate a third value from the first value and the password associated with the 

received user identification; and 
positively authenticate the user if the generated third value matches the received 

second value. 

33. (New) The system of claim 32, wherein the validation module is adapted to 
generate the third value by: 

applying a hash function to the first value and the password associated with the 
received user identification. 

34. (New) The system of claim 29, 

wherein the memory is adapted to store a directory path; and 

wherein the security module is adapted to: 

provide, responsive to the positive authentication of the user, the process with 
resource access rights to one or more resources located in a directory 
within the directory path, the directory being designated by the altered 
meta-data. 

35. (New) The system of claim 29, wherein the memory is adapted to: 

store data indicating that the process has made a request to authenticate the user. 

36. (New) The system of claim 35, wherein the validation module is adapted to: 
verify, responsive to receiving a xiser identification from the user, that the data in the 

memory indicates that the process has made a request to authenticate the user. 

37. (New) A computer program product having a computer-readable medium having 
embodied thereon program code for providing computer resource access rights to a process, the 
program code comprising: 

a memory module for storing meta-data, the meta-data defining resource access rights 
of the process; 
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an interface module for receiving a request from the process to authenticate a user; 
a validation module for authenticating the user responsive to the request from the 
process; and 

a security module for altering, responsive to a positive authentication of the user, the 
meta-data in the memory module to provide the process with resource access 
rights defined for the process. 

38. (New) The computer program product of claim 37, 

wherein the meta-data stored in the memory module initially has a liull value; and 
wherein the security module is adapted to substitute the null value with an 

identification of the xiser responsive to the positive authentication of the user. 

39. (New) The computer program product of claim 37, wherein the validation 
module is adapted to: . 

provide the user v^th a first value; 

receive a user identification and a second value from the process, the second value 

generated responsive to a password and the first value; 
generate the password from the first and second values; and 
authenticate the user responsive to the usemamei and the password. 

40. (New) The computer program product of claim 37, wherein the validation 
module is adapted to: 

provide the user with a first value; 

receive a user identification and a second value from the process, the second value 

* 

generated responsive to the first value and a password provided by the user; 
identify a password associated with the received user identification; 
generate a third value from the first value and the password associated with the 

received user identification; and 
positively authenticate the user if the generated third value matches the received 

second value. 
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41 . (New) The computer program product of claim 40, wherein the validation module 

* 

is adapted to generate the third value by: 

applying a hash fimction to the first value and the password associated with the 
received user identification. 



42. (New) The computer program product of claim 37, 

wherein the memory module is adapted to store a directory path; and 

wherein the security module is adapted to: 

provide, responsive to the positive authentication of the user, the process with 
resource access rights to one or more resources located in a directory 
v/ithin the directory path, the directory being designated by the altered 
meta-data. 

43. (New) The computer program product of claim 37, wherein the memory module 
is adapted to: 

store data indicating that the process has made a request to authenticate the user. 



44, (New) The computer program product of claim 43, wherein the validation 
module is adapted to: 

verify, responsive to receiving a user identification fi'pm the user, that the data in the 
memory module indicates that the process has made a request to authenticate, 
the user. 
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